Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Do I Know if My Machine is Free of Malware?

How do I find out or know that my computer is free of keyloggers? Would Windows Defender or MalwareBytes find them if there are any, or do you have a referenced article on the topic where I can read about it? Understand that this is the biggest security concern I have about my computer nowadays.

How do you know your computer is free of keyloggers? You don’t.

It’s not the answer most people want to hear, but it’s the true bottom line.

There are a few reasons for it, which I’ll discuss, as well as what you and I need to do in the face of this rather grim reality.

Become a Patron of Ask Leo! and go ad-free!

A quick note about keyloggers

Be it “keyloggers” or the ever-popular “ransomware”, some terms seem to get people’s attention more than others.

We need to be clear about something: there’s nothing special about keyloggers, and there’s nothing special about ransomware. The names describe what they do, not what they are. What they are is very simple: they’re just forms of malware.

What they do once they arrive might be interesting or severe, but the fact that they are malware warrants our attention. Like any form of malware, the most important thing to do is to prevent them from getting on your machine. The second most important? Detection and removal.

But this applies to all malware.

Proving a negative

100% Secure? There’s no way to absolutely know or prove that your machine doesn’t have malware.

Looking for malware and not finding it isn’t enough — there’s no guarantee your anti-malware tools know all the malware to look for, or all the ways that malware could hide.

No anti-malware tool is guaranteed to catch every possible malware. None. By definition, the creation of malware is always ahead of its detection. Even the very best anti-malware tools are always playing catch-up.

If you run a zillion different anti-malware tools and they all come up empty-handed, this doesn’t prove you have no malware. All it says is that it’s  highly unlikely…

… which, pragmatically, is the best we can hope for.

Staying safe, without proof

The best you and I can do is to stack the deck in our favor.

Make it difficult for malware to arrive. That means not installing untrusted software, not opening random attachments, making sure your firewall is doing its job, not falling for phishing attempts, running good security software, and more.

Make it likely that any malware that makes it through will be caught. That means making sure you’re running up-to-date security software and that it’s scanning appropriately.

Make it possible to recover quickly with minimal impact if something isn’t caught immediately. That means backing up regularly.

Ultimately, it all boils down to the set of rules and admonitions folks in my position have been preaching for years…

… rules and admonitions I’ve laid out in what I consider to be my single most important article: Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet.

Even getting out of bed is risky

I wish I could offer you a 100% guarantee — a way you can be completely certain your machine is free of malware and all is well.

I can’t. Just like we can’t guarantee that we won’t get hit by a bus or fall down the stairs.

All we can really do is stack the deck in favor of our safety. Look both ways before crossing, hold the handrail, and stay safe online.

There are no guarantees. But, while you should never reduce your vigilance, you can absolutely reduce your concern and carry on using your technology in all the wonderful ways it was intended.

If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,


Podcast audio


Video Narration

16 comments on “How Do I Know if My Machine is Free of Malware?”

  1. Funny coincidence. I was riding home from work in a bus (example used in article) on a windy mountain road in the Black Forest and I was thing about how I sit on the right side of the bus in case there’s an accident with an oncoming vehicle. I was thinking about how many risks we take every day and how when it comes to computers, people expect a no risk experience. Actually, when it comes to computers, having multiple backups is the closest we can come to a risk-free experience. I’ve been hit with malware a couple of times, had total system crashes, accidentally deleted files I needed, and had an encryption disaster. In all of these, I was able to recover without losing a single necessary file. Back up daily and you can be as close to risk-free as humanly possible.

  2. Leo, can you comment on Win 10 update 1803 and all that has transpired with it?
    I had to scramble to reconstruct my server after it arrived. Still battling some items.

    • Honestly, it’s been like any other major Windows 10 update: some number of people have a variety of problems ranging from mildly annoying to epic battles. It works for more people than it doesn’t, they just have no reason to complain so we don’t hear from them. It fails for more people than it should, however, and that continues to be an ongoing problem.

  3. Admittedly I’m an old retired IBM mainframe dinosaur but it has always struck me that the whole issue of Windows security could be addressed by the SAF/RACF concepts employed by mainframe operating systems where all system resources are deemed protected and inaccessible to users unless explicitly granted access to by an administrator.

    The cynic in me says it’ll never be fixed because whole industries have grown up around a fundamental flaw in the architecture!

    • That’s pretty much the concept behind User Account Control, UAC. The problem is the user is, in most cases, the owner of the machine and needs to override the block to install programs. I do sometimes wonder why UAC doesn’t do a better job.

      • Thanks Mark, I’ll take a closer look at that, presumably nobody other than me would be able to update my machine unless I gave them access to do so?

    • The schools and libraries, and other places that provide public access use some system that restores everything after each user. I private computers we do not want to restore evrything – los our files -just system. I could us such system,

      BTW, the cynic in you has a good point.

      • Libraries don’t restore after each user. That would mean a long delay between users. What many schools and libraries do is restore the system at the beginning or end of each working day. A backup would perform the same function. You could do this yourself if you kept your data on a separate drive but you’s lose any program tweaks and any data stored in non-user-data-folders.

    • The “fundamental flaw in the architecture” is actually the Registry – essentially a wide open, hackable database. The UAC is a fairly recent (~2008) hack to try to fix Windows security holes. I call it a hack because as most things in Windows it’s yet another patch layered onto years of buried functionality (“I do sometimes wonder why UAC doesn’t do a better job”). Recently, Mark expressed a similar sentiment in the article Networking Sucks, saying “I don’t understand why it’s so difficult for the OS makers to get it right”). Again, the reason is decades of layered OS code, which new developers don’t know or care to understand. They just tweak code until they get what seems to be the desired effect. For Windows to close common security holes it needs to get rid of the Registry and embed the need functionality into the OS code and encrypted files accessible only by the OS. Sure, that won’t be very versatile, but that would keep most hackers away. Incidentally, the Windows Registry was introduced around 1995!

      • The registry is not the problem. It’s “just” a database — perhaps too complicated, but not the cause of all evil. Any alternative (.ini files in other OS’s for example) can also be exploited in similar ways by malware.

        • Ultimately, you are right in that any system can be exploited. But why make it so easy and continue the endless and futile security patching cycle? I said use “encrypted files accessible only by the OS”. None of the OS data need to be in any type of database that’s directly editable. Encrypted and proprietary encoded databases should go a long way to stop any tom, dick and harry or every application or script from mucking with the OS. I once had a stock portfolio application save its data (my stock data) in the Registry. That’s absurd. With the Registry, MS has provided the means, tools and documentation for anyone to change the way the OS behaves. You can remotely query the Registry to find out the system’s configuration, you an run an application, script, service or DLL in DOZENS of ways, you can change user permissions, and even store a script within the Registry. MS certainly has the resources to take a fresh look at the OS back-end design, but it seems that it’s happy spending money on daily patches, and patches to patches, and patches ….

          • One of the reasons Microsoft uses the registry at all is to restrict access. It uses the exact same security model as user accounts, so they can (and do) control access to a significantly granular level. It’s not “so easy” … the exploits that cause the most problems are ones that have achieved administrative access already, so they too would be able to access encrypted files (supposedly) accessible only by the OS.

  4. Leo, it was a pleasure to read your article and watch the video, but you did not mention one thing: what to do if you caught a ransomware and your computer have been encrypted. Many people are not doing backups, so what to do next? I am not sure if the links are allowed in your website, but i would like to share this article: I think there are some good information on how to behave in that case of PC enrciption by ransomware. Thank you and good luck.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.